Date: Thu, 16 Sep 2004 04:12:41 -0000
From: Max Laier <max@love2party.net>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: why multiple CARP groups
Message-ID: <200408172154.06428.max@love2party.net>
In-Reply-To: <200408172022.21707.max@love2party.net>
References: <200408052130.51026.max@love2party.net> <4121C8A1.40304@hgdbroadband.com> <200408172022.21707.max@love2party.net>

On Tuesday 17 August 2004 20:22, Max Laier wrote:
> On Tuesday 17 August 2004 10:58, sam wrote:
> > Hi,
> >
> > I need to get advised by someone for the usage of CARP+pfsync.
> > With the BIG example as described in the following page:
> > http://www.countersiege.com/doc/pfsync-carp/#big
> > I don't understand why create a different CARP group for each
> > application server instead of using only one CARP interface for 4
> > internal application servers is better.
> >
> > With only one CARP address for 4 application servers, traffic still can
> > be redirected to another app server if one has died. Unless one CARP
> > address is not efficient.
> >
> > Can anyone please explain the difference using multiple CARP groups
> > instead of one CARP address?
>
> The example uses a "rdr source-hash" rule to load balance over the four
> virtual addresses. You cannot use the CARP version of source-hash as the
> clients are behind the firewalls and will not balance as a result.

Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same
effect and (now much clearer (I hope)) reasoning. The servers will see only
the firewall arps and not those of the clients. While they will indeed see
the IP-Addresses, but CARP loadbalances on the arp-level. This is used to
loadbalance between the two firewalls, btw.

> If one server dies one of the remaining 3 takes over and has to take twice
> the load until the failed server comes back (or the admin modifies the rdr
> rule).

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
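
The reasoning in the message above, as an added simulation that is not part of the original mail: balancing keyed on the ARP requester only ever sees the two firewalls, while a source-hash redirect on the firewall spreads clients over four virtual addresses and lets one server inherit a failed server's address. All addresses, the server names and the SHA-256 stand-in hash are assumptions made for the example, not what pf or CARP actually computes.

```python
import hashlib
import ipaddress
from collections import Counter

# All addresses and names below are constructed for this example.
VIPS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]   # one CARP group per app server
FIREWALLS = ["192.0.2.1", "192.0.2.2"]                     # the two CARP firewalls
CLIENTS = [str(ipaddress.ip_address("198.51.100.0") + i) for i in range(200)]

def pick(key, n):
    """Stand-in hash (SHA-256); an assumption, not the hash pf or CARP uses."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big") % n

def arp_level_balance(clients, firewalls, servers):
    """Balance on the ARP requester: the servers' segment only sees the firewalls."""
    load = Counter()
    for client in clients:
        fw = firewalls[pick(client, len(firewalls))]     # firewall forwarding this client
        load[servers[pick(fw, len(servers))]] += 1       # choice ignores the client
    return load

def source_hash_rdr(clients, vips, holder):
    """Balance on the firewall, keyed on client IP, over the four virtual addresses."""
    load = Counter()
    for client in clients:
        vip = vips[pick(client, len(vips))]
        load[holder[vip]] += 1                           # server currently holding that VIP
    return load

def fail_over(holder, dead, successor):
    """CARP failover: the successor becomes master for the dead server's address."""
    return {vip: (successor if srv == dead else srv) for vip, srv in holder.items()}

if __name__ == "__main__":
    servers = ["app1", "app2", "app3", "app4"]
    holder = dict(zip(VIPS, servers))
    print("arp-level  :", dict(arp_level_balance(CLIENTS, FIREWALLS, servers)))
    print("source-hash:", dict(source_hash_rdr(CLIENTS, VIPS, holder)))
    after = fail_over(holder, "app2", "app3")
    print("app2 down  :", dict(source_hash_rdr(CLIENTS, VIPS, after)))
```
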